Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRBT-4102

111

112

113

114

115

116

117

118

119

120

Security

4-82 Advanced Configuration

• Pre‐Authentication.IfPre‐Authenticationisenabled,aWPA2wirelessclientcanperforman

802.1Xauthenticationwithotherwirelessaccesspointsinitsrangewhenitisstillconnectedto

itscurrentwirelessaccesspoint.

TousePre‐Authentication,youmusthavethefollowing:

– WirelessnetworkadaptorsthatsupportWPA2.

–WindowsXPwirelessnetworkadaptordriversthatsupportthepassingofWPA2

capabilitiestoWindowsWirelessAutoConfiguration.

• Authentication

– OpenSystem(thedefaultsetting):SelectthisoptionifyouplantouseWPAor802.1xasa

securitymechanism.Ifyoudon’tsetupanyothersecuritymechanismontheaccess

point,

thenetworkhasnoprotectionandisopentoallusers.

– SharedKeysetstheaccesspointtouseWEPsharedkeys.Ifthisoptionisselected,you

mustconfigureatleastonekeyontheaccesspointandallclients.

– WPA(Wi‐FiProtectedAccess)isastandards‐based,

interoperablesecurityenhancement

thatstronglyincreasesthelevelofdataprotectionandaccesscontrolforexistingand

futurewirelessLANsystems.Itisderivedfromandwillbeforward‐compatiblewiththe

upcomingIEEE802.11istandard.WPAleveragesTKIP(TemporalKeyIntegrityProtocol)

fordataprotectionand802.1Xfora uthenticated

keymanagement.

– WPA‐PSK.UsesWPAkeymanagement,non‐rootaccesspoint/bridg esandthe

authenticationserverauthenticatetoeachotherusinganEAPauthenticationmethod,and

thenon‐rootaccesspoint/bridgeandservergenerateapairwisemasterkey(PMK).Using

WPA,theservergeneratesthePMKdynamicallyandpassesit

totherootaccesspoint/

bridge.UsingWPA‐PSK,however,youconfigureapre‐sharedkeyonboththenon‐root

accesspoint/bridgeandtherootaccesspoint/bridge,andthatpre‐sharedkeyisusedas

thePMK.

– WPA2providesastrongerencryptionmechanismthroughAES,whichisarequirement

for

somecorporateandgovernmentusers.TKIP,theencryptionmechanisminWPA,

reliesonRC4insteadofTripleDataEncryptionStandard(3DES),AES,oranother

encryptionalgorithms.

– WPA‐WPA2‐MixedpermitsthecoexistenceofWPAandWPA2clientsonacommonSSID.

WPA2‐mixedmodeisaWi‐FiCertifiedfeature.

Theaccesspointadvertisesthe

encryptionciphers(TKIP,CCMP,other)thatareavailableforuse.Theclientselectsthe

encryptioncipheritwouldliketouse,andtheselectedencryptioncipherisusedfor

encryptionbetweentheclientandaccesspointonceitisselectedbytheclient.

• DataEncryptionenables

ordisablestheaccesspointtouseWEPsharedkeysfordata

encryption.Ifthisoptionisselected,youmustconfigureat

leastonekeyontheaccesspoint

andallclients.(Default:Disable

)

• WPAClientssetsthespecifiedradiointerfaceorVAPto:

– Required‐allowsonlyWPA‐enabled clientstoaccessthenetwork.

Note: To use 802.1x on wireless clients requires a network card driver and 802.1x

client software that supports the EAP authentication type that you want to use.

Windows XP provides native WPA support, other systems require additional software.

Note: You must enable WEP encryption in order to enable all types of encryption on the access

point; however, you do not need to define WEP keys for WPA.